URL Policy Agent/Portal not for gateway

Consider LDAP (for intranet) and Radius (for intranet).
We would like to limit the access to certain URL's based upon the authentication scheme.
To do this we've created a policy:
URL Polict Agent URL=X and Authentication Radius OK from IP Internet
URL Polict Agent URL=X and Authentication LDAP OK from IP Intranet
It seems that the URL policy is not taken into account by the gateway or rewriter proxy for that matter.
Does this kind of policy only work if i'm accessing a webserver or proxy using the identity plugin?

The custom authentication module.... Does it determine what type of authentication to present to the user based on IP? E.g. LDAP or SecurID?
This is confusing me a bit - maybe just the term authentication module..... I'm currently thinking of it as another Service listed under the Authentication leaf of the left-hand-side of IdS AdminUI (Services or Identity Management -> Services). As I understand it - something else in the IdS triggers which module to use, or the module is requested in the URL.
Thus if the URL doesn't contain the module name, it would seem something in the Organizational auth config or a Policy Condition (Subject IP?) would trigger an authentication type based on source IP.
Since authnetication chaining causes problems with fall-through rather than executing lock-out, we use the SecurID & DS passcode/password services respectively, not IdS password reset (which we will implement in Lighthouse self-service capabiltity... later)
The result is either SRA/GW or IdS will need to select the auth module from the Source IP in the packet.
So you might see my confusion when referencing a custom auth module....

Similar Messages

  • URL Policy agent attributes - Not displayed

    I installed a Policy Agent on a remote Web Server and pointed the policy agent to the Identity Server installed alongwith the Portal.
    When I click on the Policy agent in the Identity Server console , it displays the following message
    "There are no attributes to display for this entry".
    How to obtain the attributes for the URL Policy Agent Service .Is this a problem concerning the IS . Can anyone throw light on this issue.
    thanx in advance
    raj

    It's the way it supposed to be. There is no configurable attributes for this service.

  • URL Policy agent attributes -

    I installed a Policy Agent on a remote Web Server and pointed the policy agent to the Portal's Identity Server .
    When I click on the Policy agent in the Identity Server console , it displays the following message
    "There are no attributes to display for this entry".
    How to obtain the attributes for the URL Policy Agent .Is this a problem concerning the IS . Can anyone throw light on this issue.
    thanx in advance
    raj

    It's the way it supposed to be. There is no configurable attributes for this service.

  • Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1

    Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
    Does anybody has a working combination of the above ? I get a ID login page and after that I always get a access denied page. I get this exception on the agent logs:
    2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cooki
    e in ap_table
    2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for propert
    y (com.sun.am.policy.agents.accessDeniedURL) specified
    2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowe
    d(http://xx.xx.xx.net:8080/, GET) denying access: status = access de
    nied (20)
    2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denie
    d access to http://xx.xx.xx.net:8080/.
    2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: acces
    s denied to testuser1
    We can ignore Invalid URL property part because its just looking for a custom url in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
    Any suggestions would be of great help.
    Thanks,
    Sunil.

    From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
    information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.crypto.provider.IBMJCE
    security.provider.3=com.ibm.jsse.IBMJSSEProvider
    security.provider.4=com.ibm.security.cert.IBMCertPath
    security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
    Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

  • Policy Agent 2.2 for Apache HTTP Server

    hi,
    I'm trying to configure Policy Agent 2.2 for apache http server.
    The agent seems to be installed properly, in fact when I access the protected resource, I get the Access Manager login page.
    Then I log into access manager, but I'm redirected to an error page.
    Looking in log files I can see:
    agent's "amAgent" log file:
    Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
    Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
    Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting password callback.
    Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting name callback to 'apache2Agent'.
    Debug 10763:f8fe0 AuthService: BaseService::sendRequest Cookie and Headers =Host: crmzone.company.icteam.it     
                   Cookie: JSESSIONID=193E5E1590C924A42B95A00A51DC0479;amlbcookie=01
    Debug 10763:f8fe0 AuthService: BaseService::sendRequest Content-Length =Content-Length: 620
    Debug 10763:f8fe0 AuthService: BaseService::sendRequest Header Suffix =Accept: text/xml
                   Content-Type: text/xml; charset=UTF-8
    Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
    Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
    Error 10763:f8fe0 AuthService: AuthService::processLoginStatus() Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp.
    Error 10763:f8fe0 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp and code:3
    Warning 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) denying access: status = Access Manager authentication service failure
    Debug 10763:f8fe0 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://10.0.0.31:80/SugarOS-Full-4.5.0f.
    Info 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) returning status: Access Manager authentication service failure.
    Info 10763:f8fe0 PolicyAgent: process_request(): Access check for URL http://10.0.0.31/SugarOS-Full-4.5.0f returned Access Manager authentication service failure.
    Debug 10763:f8fe0 PolicyAgent: process_request(): returning web result AM_WEB_RESULT_ERROR, data []
    Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): Rendering web result AM_WEB_RESULT_ERROR
    Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): render result function returned AM_SUCCESS.
    Access Manager's "amAuthentication.error" log file:
    "Login Failed|module_instance|Application" Application AUTHENTICATION-268 dc=opensso,dc=java,dc=net "Not Available" INFO apache2Agent 10.0.0.31 "cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net" CRMzone
    I tried to change the name of the agent either in its AMAgent.properties or in Access Manager "Agents" configuration page.
    I also used "crypt_util" to generate a new passoword, but nothing seems to happen.
    Where should I look to get more info about this problem? Specific log file?
    Is it due to wrong name/id/password of the agent? I really checked them many times...
    Thanks
    Fabio

    I think the error message "Application user ID is not valid" is pretty self evident.
    Log into the amconsole and go to the root realm/organization. Make sure the Agent profile exists and reset the password again to know value. If you created the agent profile in a sub realm/organization, you will need to make sure the subrealm/organization is set in the AMAgent.properties since the default value is / for the root realm/organization. Update the AMAgent.properties file will the Agent ID and the password generated by the crypt_it tool (com.sun.am.policy.am.username, com.sun.am.policy.am.password)
    If that doesn't work, check the amApplication debug log and then look at the ldap server access logs to see why the auth bind failed.

  • Sun One Identity Server Policy Agent 2.0 for IIS 5.0

    Hi,
    I try to use Sun Indentity Server with IIS, so I installed policy agent 2.0 for IIS 5.0. my operating system is Windows 2000 professional. I can see the ISAPI fiiter is loaded, but when I try to test the installation by access a testing page, like http://localhost/test.asp, I can not go anywhere, the sun identity server log in page is not loaded. I checked the debug log file, there are just two warning message:
    2003-02-12 11:11:52.314 Warning 1316:00A548E8 PolicyAgent: Invalid URL for property (com.sun.am.policy.agents.accessDeniedURL) specified
    2003-02-12 11:11:52.798 Warning 1316:00A548E8 PolicyAgent: FqdnHandler::FqdnHandler() No value specified for fqdnMap.
    Could someone help me out here? Any suggestion will be appreciated.
    Thanks,
    Harold Chen

    Well, it's in the Agent's installation guide, section "Read me first", "Setting Fully Qualified Domain Name". :)

  • This log -------------policy agent 2.1 for iis5.0

    Sun Java System Identity Server Policy Agent 2.1 for Microsoft IIS 5.0
    Sun\Identity_Server\Agents\2.1\debug\C__Inetpub_wwwroot\amAgent
    2004-07-25 18:06:22.156 Warning 1064:00D01120 PolicyAgent: OnPreprocHeaders(): Identity Server Cookie not found.
    2004-07-25 18:06:22.156 Error 1064:00D01120 PolicyAgent: do_redirect() ServerSupportFunction did not succeed: Attempted status = 302 Found
    2004-07-25 18:06:22.156 Warning 1064:00D01120 PolicyAgent: OnPreprocHeaders(): No cookies found.
    2004-07-25 18:06:22.156 Error 1064:00D01120 PolicyAgent: do_redirect() ServerSupportFunction did not succeed: Attempted status = 302 Found
    2004-07-25 18:07:53.921 Error 1064:00D01120 PolicyEngine: am_policy_evaluate: InternalException in Service::getPolicyResult with error message:Policy not found for resource: http://guorui.mygodsun.com:49153/index.asp and code:7
    2004-07-25 18:07:53.921 Warning 1064:00D01120 PolicyAgent: am_web_is_access_allowed(http://guorui.mygodsun.com:49153/index.asp, GET) denying access: status = no policy found (7)
    2004-07-25 18:07:53.937 128 1064:00D01120 RemoteLog: User amAdmin was denied access to http://guorui.mygodsun.com:49153/index.asp.
    2004-07-25 18:07:54.062 Error 1064:00D01120 PolicyAgent: do_redirect(): Error while calling am_web_get_redirect_url(): status = success
    2004-07-25 18:07:54.078 Error 1064:00D01120 PolicyAgent: do_redirect() WriteClient did not succeed: Attempted message = HTTP/1.1 403 Forbidden
    Content-Length: 13
    Content-Type: text/plain
    403 Forbidden
    from that log,help me
    my:
    Sun Java System Identity Server 6.1
    Sun Java System Directory Server 5.2
    Sun Java System Identity Server Policy Agent 2.1 for Microsoft IIS 5.0
    help me for that how config?
    what error ?
    thanks!

    Sorr for so many people faced the sam or similar issues. I just joined this support a short while. If you think any old problem which is still critical to you, please repost. We shall try our best to give you assistance. Jerry
    Here are some of tips for debugging Web agent.
    From the AMAgent.properties, are both IIS and AM are in the same domain? If they are not, then you need to use CDSSO. Also please check in AM, under "Service Configuration-> Platform -> Cookie Domains" , whether cookie is set for the entire domain which includes AM and IIS ("test.com") or just the AM machine name.
    Also check whether correct value for "Agent-Identity Server Shared Secret" is entered. This should be your internal ldap password (amldapuser). In the AMAgent.properties for the below property the password will be encrypted and assigned: "com.sun.am.policy.am.password".
    Could you also check if the Identity servver and the IIS web server are time synchronized. The problem may be that agent requests policy decisions and the response from server may be timed out due to non-syncrhonized clock.
    Don't forget to restart the whole IIS service using internet
    management console after making agent changes.
    Some of the common error codes:
    20: Application authentication failed. This occurs when Agent cannot sucessfully authenticate with Identity Server. This is mainly due to incorrect password for agent entered during agent installation. Please refer to another faq describing how to change password.
    7: Policy not found. This error occurs typically if there are no policies defined on Identity server for the given web server URL. Otherwise, there may be time skew between Identity Server and Agent. So, polices fetched from Identity Server is instantly flushed by Agent and attempted to refetch over and over again. This can be solved by running rdate or similar command to synchronize time between the two machines. It is recommended to run NNTP server syncrhonize times between your Identity systems.

  • Policy Agent 3.0 for Tomcat - Cannot obtain Application SSO token

    Hi
    I am trying to configure Sun OpenSSO Enterprise Policy Agent 3.0 for Apache Tomcat Application Server 6.
    After installing the Policy Agent, Tomcat is not starting.
    The Error in the stack is :
    =========
    Jun 14, 2009 2:21:00 AM
    org.apache.tomcat.util.digester.Digester startElement
    SEVERE: Begin event threw error
    java.lang.ExceptionInInitializerError
    at
    com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfig
    uration(AgentConfiguration.java:682)
    Caused by:
    com.sun.identity.security.AMSecurityPropertiesException:
    AdminTokenAction: FATAL ERROR: Cannot obtain Application
    SSO token.
    Check AMConfig.properties for the following properties
    com.sun.identity.agents.app.username
    com.iplanet.am.service.password
    at
    com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:
    258)
    =========
    There is no AMConfig.properties file. The Agent uses "OpenSSOAgentBootstrap.properties".
    Is there a workaround for this issue ?
    Cheers.

    Hi,
    I have the same Problem, did you come up with a solution for it?
    thanks
    Matrius

  • SUn Policy Agent 2.2 for Weblogic 92

    We are using SUN POlicy agent 2.2. (for Weblogic) for Access Manager 6.3
    For this particular application I intermittantly get SSOToken invald message
    Its a sporadic behavior (sometimes work sometime does not)
    error -
    02/02/2007 12:22:41:057 PM EST: Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]
    SSOTokenValidator.validate(): Exception caught
    com.iplanet.sso.SSOException: AQIC5wM2LY4Sfcw k8CIsj Jujq92ltM5fNZJxh2qFYpAyw=@AAJTSQACMDE=# Invalid session ID.AQIC5wM2LY4Sfcw k8CIsj Jujq92ltM5fNZJxh2qFYpAyw=@AAJTSQACMDE=#

    check the patch level of AM 6.3, it should be higher than 1

  • Problem in POST data preserve in Policy Agent 2.2 for SJSWS 6.1

    Hi
    I am using Policy Agent 2.2 for SJSWS 6.1
    I have a requirement to preserve the POST data when during the following situation.
    Consider a situation where in the user has logged in to our webapp and the user remains in a page which has a form with Post method .
    Mean while the session (of AM) times out and now the user enters the data in the data and submits the form.
    The user will be redirected to the login page and then the requested service should be performed, which is not happening in this case(POST). Suppose in if the form used a GET method this works fine.
    I have tried by configuring the following property in AMAgent.properties file.
    com.sun.am.policy.agents.config.postdata.preserve.enable = true
    But it doesn't work. When I tried to troubleshoot, I learned from the following resource that, POST data preservation is only supported on Policy Agent 2.2 for Sun Java System Web Server 7.0 Is it not supported on 6.1?
    http://docs.sun.com/app/docs/doc/820-1130/gaueu
    I get the following error in the log file of SJSWS.
    trying to POST /dummypost/sunpostpreserve2007-09-2804:48:53.379, send-file reports: HTTP4142: can't find /opt/SUNWwbsvr/docs/dummypost/sunpostpreserve2007-09-2804:48:53.379 (File not found)
    I have verified that the following entry is made in the obj.conf
    PathCheck fn=validate_session_policy
    <Object ppath="*/dummypost/sunpostpreserve*">
    Service type=text/* method=(GET) fn=append_post_data
    </Object>
    <Object ppath="*/UpdateAgentCacheServlet*">
    Service type=text/* method=(POST) fn=process_notification
    </Object>
    I am using the PA 2.2 which says that the following bug is fixed.
    Bug(s) fixed in 2.2 RTM Hotpatch 8
    ==================================
    Bug#: 6545159
    Agent type: Sun Java System Web Server agent
    Description: CDSSO mode wipes out form post data
    Appreciate your help.
    thanks & regards
    Madhu

    Hi
    Now I get 404 error and the logs in amAgent is
    2007-10-03 04:56:20.922 Error 22356:a51e558 PolicyAgent: Error Registering POST content body
    2007-10-03 04:56:20.922MaxDebug 22356:a51e558 PolicyAgent: Register POST content body : (null)
    2007-10-03 04:56:20.923 Debug 22356:a51e558 PolicyAgent: Register POST data key :2007-10-0304:56:20.922
    2007-10-03 04:56:20.923 Error 22356:a51e558 PolicyAgent: am_web_postcache_insert(): Unknown exception encountered.
    2007-10-03 04:56:20.923 Warning 22356:a51e558 PolicyAgent: Register POST data insert into hash table failed:2007-10-0304:56:20.922
    And in the errors log file of SJSWS is+_
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="uri-clean" Directive="PathCheck"
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="uri-clean" Directive="PathCheck" returned 0 (REQ_PROCEED)
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="find-pathinfo" Directive="PathCheck"
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="find-pathinfo" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="find-index-j2ee" Directive="PathCheck"
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="find-index-j2ee" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="find-index" index-names="index.html,home.html,index.jsp" Directive="PathCheck"
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="find-index" index-names="index.html,home.html,index.jsp" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="validate_session_policy" Directive="PathCheck"
    [03/Oct/2007:05:13:05] fine (22515): Updating accelerator cache
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="validate_session_policy" Directive="PathCheck" returned 0 (REQ_PROCEED)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="type-j2ee" Directive="ObjectType"
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="type-j2ee" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="type-by-extension" Directive="ObjectType"
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="type-by-extension" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="force-type" type="text/plain" Directive="ObjectType"
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="force-type" type="text/plain" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file" Directive="Service"
    [03/Oct/2007:05:13:14] warning (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, send-file reports: HTTP4142: can't find /opt/WMS/rel/www/webserver7/https-localhost.localdomain/docs/dummypost/sunpostpreserve2007-10-0304:56:20.922 (File not found)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file" Directive="Service" returned -1 (REQ_ABORTED)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="error-j2ee" Directive="Error"
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="error-j2ee" Directive="Error" returned -2 (REQ_NOACTION)
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="flex-log" Directive="AddLog"
    [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="flex-log" Directive="AddLog" returned 0 (REQ_PROCEED)
    thanks
    Madhu

  • Does URL Policy Agent of SunONE Web Server 6.1 works with Identity Server 6

    Hi,
    I'm using URL Policy Agent of SunONE Web Server 6.1, and using Identity Server 6.1 to configure policy to access web resource such as http://myweb.org.cn/test/*
    After configyration, I try to access the resources http://myweb.org.cn/test/test.html
    The redirection is ok, the IS login appear, but after login successfully, it still tell me that I don't have permission to view this web page.
    Is this because of URL policy agent don't support IS 6.1?
    Many thanks,

    Can anybody help me with the steps to generate core for this issue.. I followed the steps as said in http://blogs.sun.com/meena/entry/troubleshooting_server_crashes_enabling_core but I don't see any core generated when server crashes..
    Setup Info:
    - OS is RHEL 4.0
    - Sun ONE Web Server 6.1SP7
    - Policy Agent 2.2

  • Policy Agent 2.1 for IBM WebSphere Application Server 5.0 can't install

    I install Policy Agent 2.1 for IBM WebSphere Application Server 5.0
    But Can't install success
    resone:
    Base Installation completed Successfully
    WebSphere 5.0 Agent ClassPath : C:/Sun/IdentityServer/j2ee_agents/lib/am_sdk.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_services.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_sso_provider.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_logging.jar;C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1;C:/Sun/IdentityServer/j2ee_agents/locale
    WebSphere 5.0 Agent Boot ClassPath : C:/Sun/IdentityServer/j2ee_agents/lib/jdk_logging.jar
    WebSphere 5.0 Agent JVM options : -Damconfig=AMAgent -Dmax_conn_pool=10 -Dmin_conn_pool=1 -Dcom.iplanet.coreservices.configpath=C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1/ums -Djava.util.logging.manager=com.sun.identity.log.LogManager -Djava.util.logging.config.file=C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1/AMAgent.properties -Djava.protocol.handler.pkgs=com.ibm.net.ssl.internal.www.protocol -Dws.ext.dirs=C:/Sun/IdentityServer/j2ee_agents/lib
    The server.policy file was configured successfully.
    Global Security Settings Configured Successfully.
    sas.client.props file Configuration FAILED.
    soap.client.props file Configuration FAILED.
    sas.client.props /soap.client.props two file how to Configuration ??

    From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
    information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.crypto.provider.IBMJCE
    security.provider.3=com.ibm.jsse.IBMJSSEProvider
    security.provider.4=com.ibm.security.cert.IBMCertPath
    security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
    Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

  • Sun Policy Agent 2.2 for BEA WebLogic Server/Portal 9.2

    Do you know where can I download this agent? I've searched a lot but no chance. The only available one in the download index page is the 9.0/9.1 agent. Any idea?
    Best regards

    All this time later, and the download for this agent isn't showing up in the right place.
    For now, my blog might be the easiest place to go for Policy Agent 2.2 docs and downloads:
    http://blogs.sun.com/JohnD/page/policyagent
    The quick and dirty answer to thge question is here:
    http://www.sun.com/download/products.xml?id=45cb8a2a
    John D.

  • Access Manager Policy Agent 2.2 for Oracle 10g

    I Installed AM Policy Agent 2.2 on Oracle App Server 10g (10.1.3). After install I don't get the redirect to the AM login page. The agent does not appear to be activated. When I restart the Oracle App server I expect to see logs entries from the agent in <agenthome>/logs/debug, but I don't get any log entries.
    The agent was installed as oracle (same as the 10g server).
    Entries in the 10g global application.xml for the agent:
    ibrary path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/agent_001/config">
    </library>
    <library path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/locale">
    </library>
    <library path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/lib/agent.jar">
    </library>
    <library path="/opt/AMAgent/j2ee_agents/am_oracle1012_agent/lib/amclientsdk.jar">
    </library>
    AMAgent.properties settings:
    com.iplanet.services.debug.level=message
    com.sun.identity.agents.config.filter.mode = URL_POLICY
    My goal is to protect all apps with SSO and basic url policies.
    Any ideas on what I'm doing wrong? missing?

    Hi,
    have you added the agent filter for the application you are trying to protect
    <filter>
    <filter-name>Agent</filter-name>
    <display-name>Agent</display-name>
    <filter-class>
    com.sun.identity.agents.filter.AmAgentFilter
    </filter-class>
    </filter>
    <filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

  • Problem in POST data preserve in Policy Agent 2.2 for SJSWS 7.0

    Hi
    Appreciate your help.
    I am using SJSWS 7.0 U1 and the PA for the same.
    I have a requirement to preserve the POST data when during the following situation.
    Consider a situation where in the user has logged in to our webapp and the user remains in a page which has a form with Post method .
    Mean while the session (of AM) times out and now the user enters the data in the data and submits the form.
    The user will be redirected to the login page and then the requested service should be performed, which is not happening in this case(POST). Suppose in if the form used a GET method this works fine.
    I get 500 internal server in the browser.
    I have set the following property to true in AMAgent.properties to true.
    com.sun.am.policy.agents.config.postdata.preserve.enable
    My obj.conf has the following entry.
    <Object ppath="*/dummypost/sunpostpreserve*">
    Service type=text/* method=(GET|HEAD|POST) fn=append_post_data
    (note It had only GET originally)
    </Object>
    <Object ppath="*/UpdateAgentCacheServlet*">
    Service type=text/* method=(POST) fn=process_notification
    </Object>
    The amAgent Logfile has the following errors
    2007-10-03 07:03:05.735 Error 22984:92e14d8 PolicyAgent: Error Registering POST content body
    2007-10-03 07:03:05.735MaxDebug 22984:92e14d8 PolicyAgent: Register POST content body : (null)
    2007-10-03 07:03:05.735 Debug 22984:92e14d8 PolicyAgent: Register POST data key :2007-10-0307:03:05.735
    2007-10-03 07:03:05.735 Error 22984:92e14d8 PolicyAgent: am_web_postcache_insert(): Unknown exception encountered.
    2007-10-03 07:03:05.735 Warning 22984:92e14d8 PolicyAgent: Register POST data insert into hash table failed:2007-10-0307:03:05.735
    2007-10-03 07:03:09.093MaxDebug 22984:92e14d8 PolicyAgent: validate_session_policy(): Completed handling request with status: success.
    2007-10-03 07:03:09.093 Debug 22984:92e14d8 PolicyAgent: POST Magic Query Value : 2007-10-0307:03:05.735
    2007-10-03 07:03:09.093 Debug 22984:92e14d8 PolicyAgent: Found magic URI but entry not in POST Hash table :2007-10-0307:03:05.735
    And the errors log in the SJSWS.
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="uri-clean" Directive="PathCheck" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="find-pathinfo" Directive="PathCheck"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="find-pathinfo" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="find-index-j2ee" Directive="PathCheck"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="find-index-j2ee" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="find-index" index-names="index.html,home.html,index.jsp" Directive="PathCheck"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="find-index" index-names="index.html,home.html,index.jsp" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="validate_session_policy" Directive="PathCheck"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="validate_session_policy" Directive="PathCheck" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="type-j2ee" Directive="ObjectType"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="type-j2ee" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="type-by-extension" Directive="ObjectType"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="type-by-extension" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="force-type" type="text/plain" Directive="ObjectType"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="force-type" type="text/plain" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing type="text/*" method="(GET|HEAD|POST)" fn="append_post_data" Directive="Service"
    [03/Oct/2007:06:50:39] failure (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: HTTP2302: Function append_post_data aborted the request without setting the status code
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: type="text/*" method="(GET|HEAD|POST)" fn="append_post_data" Directive="Service" returned -1 (REQ_ABORTED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="error-j2ee" Directive="Error"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="error-j2ee" Directive="Error" returned -2 (REQ_NOACTION)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="flex-log" Directive="AddLog"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="flex-log" Directive="AddLog" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:40] fine (22984): Updating accelerator cache
    regards
    Madhu M

    Hi
    Appreciate your help.
    I am using SJSWS 7.0 U1 and the PA for the same.
    I have a requirement to preserve the POST data when during the following situation.
    Consider a situation where in the user has logged in to our webapp and the user remains in a page which has a form with Post method .
    Mean while the session (of AM) times out and now the user enters the data in the data and submits the form.
    The user will be redirected to the login page and then the requested service should be performed, which is not happening in this case(POST). Suppose in if the form used a GET method this works fine.
    I get 500 internal server in the browser.
    I have set the following property to true in AMAgent.properties to true.
    com.sun.am.policy.agents.config.postdata.preserve.enable
    My obj.conf has the following entry.
    <Object ppath="*/dummypost/sunpostpreserve*">
    Service type=text/* method=(GET|HEAD|POST) fn=append_post_data
    (note It had only GET originally)
    </Object>
    <Object ppath="*/UpdateAgentCacheServlet*">
    Service type=text/* method=(POST) fn=process_notification
    </Object>
    The amAgent Logfile has the following errors
    2007-10-03 07:03:05.735 Error 22984:92e14d8 PolicyAgent: Error Registering POST content body
    2007-10-03 07:03:05.735MaxDebug 22984:92e14d8 PolicyAgent: Register POST content body : (null)
    2007-10-03 07:03:05.735 Debug 22984:92e14d8 PolicyAgent: Register POST data key :2007-10-0307:03:05.735
    2007-10-03 07:03:05.735 Error 22984:92e14d8 PolicyAgent: am_web_postcache_insert(): Unknown exception encountered.
    2007-10-03 07:03:05.735 Warning 22984:92e14d8 PolicyAgent: Register POST data insert into hash table failed:2007-10-0307:03:05.735
    2007-10-03 07:03:09.093MaxDebug 22984:92e14d8 PolicyAgent: validate_session_policy(): Completed handling request with status: success.
    2007-10-03 07:03:09.093 Debug 22984:92e14d8 PolicyAgent: POST Magic Query Value : 2007-10-0307:03:05.735
    2007-10-03 07:03:09.093 Debug 22984:92e14d8 PolicyAgent: Found magic URI but entry not in POST Hash table :2007-10-0307:03:05.735
    And the errors log in the SJSWS.
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="uri-clean" Directive="PathCheck" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="find-pathinfo" Directive="PathCheck"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="find-pathinfo" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="find-index-j2ee" Directive="PathCheck"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="find-index-j2ee" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="find-index" index-names="index.html,home.html,index.jsp" Directive="PathCheck"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="find-index" index-names="index.html,home.html,index.jsp" Directive="PathCheck" returned -2 (REQ_NOACTION)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="validate_session_policy" Directive="PathCheck"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="validate_session_policy" Directive="PathCheck" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="type-j2ee" Directive="ObjectType"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="type-j2ee" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="type-by-extension" Directive="ObjectType"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="type-by-extension" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="force-type" type="text/plain" Directive="ObjectType"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="force-type" type="text/plain" Directive="ObjectType" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing type="text/*" method="(GET|HEAD|POST)" fn="append_post_data" Directive="Service"
    [03/Oct/2007:06:50:39] failure (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: HTTP2302: Function append_post_data aborted the request without setting the status code
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: type="text/*" method="(GET|HEAD|POST)" fn="append_post_data" Directive="Service" returned -1 (REQ_ABORTED)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="error-j2ee" Directive="Error"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="error-j2ee" Directive="Error" returned -2 (REQ_NOACTION)
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: executing fn="flex-log" Directive="AddLog"
    [03/Oct/2007:06:50:39] finest (22984): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0306:50:35.348, func_exec reports: fn="flex-log" Directive="AddLog" returned 0 (REQ_PROCEED)
    [03/Oct/2007:06:50:40] fine (22984): Updating accelerator cache
    regards
    Madhu M

Maybe you are looking for

  • It can't disable i mean it wont open it says to connect to itunes and I did

    it wont unable

  • Router WRT54GL with Windows Vista

    Greetings, We just bought two Dell E520 computers that will come pre loaded with Windows Vista OS. I also have a WRT54GL router still fresh in the box and un opened. When we receive our new computers we want to use our new WRT54GL router with the two

  • Major query performance differnce between oracle 8 and 9

    Hello, I have the following query    select distinct UPPER(rf.module), ruf.rpt_seq      from role_func rf, rd_url_func ruf     where role_name = 'ADMIN'       and UPPER(rf.module) not in (select UPPER(ruf.module)                                     

  • Please comment if this is a BUG in MII 12.2 or Normal?

    Hi, MII Version in Use:- 12.2.2 Build(235) I am trying to use "TransactionPath" function from Link editor to obtain the path for current transaction. Now when I execute this transaction from workbench, everything works fine as expected and desired. T

  • Flash video on youtube

    guys ive been using a nokia 5530 for months now..youtube used to work fine with the switch to flash video player beta tag but recently it appears no more my brother has an N97 it works on his whenever i try to access its just shows the old menu as it